CVE-2024-46539
📋 TL;DR
Insecure permissions in the Bluetooth Low Energy (BLE) component of the Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS) by exploiting improper access controls. This vulnerability affects users of this specific smartwatch model who have Bluetooth enabled. Attackers within Bluetooth range can disrupt device functionality.
💻 Affected Systems
- Fire-Boltt Artillery Smart Watch NJ-R6E-10.3
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device lockup or permanent bricking requiring factory reset or hardware replacement, with potential data loss from unsynced health/fitness information.
Likely Case
Temporary disruption of smartwatch functions (display, notifications, sensors) until the device is manually rebooted or Bluetooth is disabled and re-enabled.
If Mitigated
Minor service interruption with quick recovery if Bluetooth is temporarily disabled or device is rebooted.
🎯 Exploit Status
Proof of concept available in security assessment report. Exploitation requires Bluetooth Low Energy tools and proximity to target device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is available. Contact Fire-Boltt support or check the manufacturer's website for firmware updates.
🔧 Temporary Workarounds
Disable Bluetooth when not needed
Turn off Bluetooth on the smartwatch to prevent BLE attacks
Navigate to Settings > Bluetooth > Turn Off
Limit Bluetooth visibility
Disable discoverable/pairing mode when not actively pairing devices
Navigate to Settings > Bluetooth > Visibility > Hidden/Non-discoverable
🧯 If You Can't Patch
- Use smartwatch only in trusted environments with controlled Bluetooth access
- Monitor for unusual Bluetooth connection attempts or device behavior changes
🔍 How to Verify
Check if Vulnerable:
Check whether the device model is Fire-Boltt Artillery NJ-R6E-10.3. If Bluetooth is enabled and the device experiences unexpected disconnections or freezes when Bluetooth scanning tools are nearby, it may be vulnerable.
Check Version:
Navigate to Settings > About > Version on the smartwatch to check the firmware version.
Verify Fix Applied:
Test with BLE security assessment tools from the referenced GitHub report. If DoS attacks no longer succeed, the fix is likely applied.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed Bluetooth connection attempts
- Unexpected Bluetooth service restarts
- Device reboot events without user action
Network Indicators:
- Unusual BLE packet patterns from unknown MAC addresses
- Excessive BLE connection requests
SIEM Query:
Not applicable for consumer smartwatches without enterprise logging capabilities